Advisory ID: KYLIN-2019-14744
Severity: Important
Product: Kylin V3
Release date: August 12, 2019
CVE: CVE-2019-14744
CVSS3 score: 8.8
Overview:
This issue affects the versions of kdelibs as shipped with Kylin Enterprise Linux 5, 6, and 7. Kylin Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Kylin Enterprise Linux Life Cycle: https://access.Kylin.com/support/policy/updates/errata/. Kylin Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Kylin Enterprise Linux Life Cycle: https://access.Kylin.com/support/policy/updates/errata/.
Description:
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
System versions:
KYLIN 3.0.x
KYLIN 3.2.x
KYLIN 3.3.x
Affected packages:
kdelibs
kdelibs
kdelibs
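
Because the overview states that some releases will not receive a fix, a check for the pattern in the Description is useful on affected hosts. The following Python scanner is an added example, not code from this advisory or from KDE; it flags .desktop and .directory entries whose key carries KConfig's `[$e]` expansion option and whose value contains a `$(...)` command substitution. The `[$e]` marker is not named on this page, and the function names and sample file are constructed for illustration.

```python
import re
from pathlib import Path

# key, one or more [option] suffixes, value. Group headers such as
# "[Desktop Entry]" do not match because the key part cannot be empty.
ENTRY = re.compile(r"^([^=\[]+)((?:\[[^\]]*\])+)\s*=(.*)$")
OPTION = re.compile(r"\[([^\]]*)\]")

# Constructed sample, not taken from a real file; the command is harmless.
SAMPLE = """\
[Desktop Entry]
Type=Directory
Name[de]=Beispiel
Icon[$e]=$(echo constructed-sample)
Comment=costs $(5) per unit
Path[$e]=$HOME/projects
"""

def find_shell_expansion(text):
    """Return (line_no, key, value) for entries that request expansion
    and whose value contains a $( ... ) command substitution."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):          # comment line
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        key, opts, value = m.groups()
        # "$"-prefixed options are flags (e = expand, i = immutable);
        # other bracket suffixes such as [de] are locales.
        expand = any(o.startswith("$") and "e" in o for o in OPTION.findall(opts))
        if expand and "$(" in value:
            hits.append((no, key.strip(), value.strip()))
    return hits

def scan_tree(root):
    """Scan *.desktop and *.directory files under root; map path -> hits."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.endswith((".desktop", ".directory")):
            hits = find_shell_expansion(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    print(find_shell_expansion(SAMPLE))
```

Entries that only expand an environment variable, or that contain `$(` without the expansion option, are not reported.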